Clean up & sign release artifacts #422
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build OpenFX libs and examples | |
permissions: | |
id-token: write | |
contents: write | |
actions: write | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
release: | |
types: | |
- published | |
jobs: | |
build: | |
name: '${{ matrix.name_prefix }} <config=${{ matrix.buildtype }}>' | |
# Avoid duplicated checks when a pull_request is opened from a local branch. | |
if: | | |
github.event_name == 'push' || | |
github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ${{ matrix.os }} | |
container: ${{ matrix.container }} | |
env: | |
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: 'true' | |
ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# Github removed support for these older CentOS versions | |
# Nov 2024 by removing node16; all actions use node20 now | |
# which doesn't run on CentOS 7 due to too-old GLIBC. | |
# - name_prefix: Linux CentOS 7 VFX CY2021 | |
# release_prefix: linux-vfx2021 | |
# ostype: linux | |
# aswfdockerbuild: true | |
# os: ubuntu-latest | |
# container: aswf/ci-base:2021 | |
# vfx-cy: 2021 | |
# has_cmake_presets: false | |
# buildtype: Release | |
# conan_version: 2.1.0 | |
# cxx-standard: 17 | |
# cxx-compiler: clang++ | |
# cc-compiler: clang | |
# compiler-desc: Clang | |
# checkout_version: 3 | |
# cuda: false | |
# opencl: true | |
# - name_prefix: Linux CentOS 7 VFX CY2022 | |
# release_prefix: linux-vfx2022 | |
# ostype: linux | |
# aswfdockerbuild: true | |
# os: ubuntu-latest | |
# container: aswf/ci-base:2022 | |
# vfx-cy: 2022 | |
# has_cmake_presets: false | |
# buildtype: Release | |
# conan_version: 2.1.0 | |
# cxx-standard: 17 | |
# cxx-compiler: clang++ | |
# cc-compiler: clang | |
# compiler-desc: Clang | |
# checkout_version: 3 | |
# cuda: false | |
# opencl: true | |
- name_prefix: Linux Rocky 8 VFX CY2023 | |
release_prefix: linux-vfx2023 | |
ostype: linux | |
aswfdockerbuild: true | |
os: ubuntu-latest | |
container: aswf/ci-base:2023 | |
vfx-cy: 2023 | |
has_cmake_presets: false | |
buildtype: Release | |
conan_version: 2.1.0 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
cuda: false | |
opencl: true | |
- name_prefix: Linux Rocky 8 VFX CY2023 No OpenGL | |
release_prefix: linux-vfx2023-no-ogl | |
ostype: linux | |
aswfdockerbuild: true | |
os: ubuntu-latest | |
container: aswf/ci-base:2023 | |
vfx-cy: 2023 | |
has_cmake_presets: false | |
buildtype: Release | |
conan_version: 2.1.0 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
opengl: false | |
- name_prefix: Linux Ubuntu | |
release_prefix: linux-ubuntu | |
ostype: linux | |
aswfdockerbuild: false | |
os: ubuntu-latest | |
has_cmake_presets: true | |
buildtype: Release | |
conan_version: 2.1.0 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
cuda: true | |
opencl: true | |
- name_prefix: MacOS | |
release_prefix: mac | |
ostype: mac | |
os: macos-latest | |
has_cmake_presets: true | |
buildtype: Release | |
conan_version: 2.1.0 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
cuda: false | |
opencl: true | |
- name_prefix: Windows | |
release_prefix: windows | |
ostype: windows | |
os: windows-latest | |
has_cmake_presets: true | |
buildtype: Release | |
conan_version: 2.1.0 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
cuda: true | |
opencl: true | |
- name_prefix: Windows no CUDA | |
release_prefix: windows-no-cuda | |
ostype: windows | |
os: windows-latest | |
has_cmake_presets: true | |
buildtype: Release | |
conan_version: 2.0.16 | |
cxx-standard: 17 | |
cxx-compiler: clang++ | |
cc-compiler: clang | |
compiler-desc: Clang | |
checkout_version: 4 | |
cuda: false | |
opencl: false | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout code (v4) | |
uses: actions/checkout@v4 | |
if: matrix.checkout_version == 4 | |
with: | |
clean: true | |
fetch-depth: 0 | |
- name: Checkout code (v3) | |
uses: actions/checkout@v3 | |
if: matrix.checkout_version == 3 | |
with: | |
clean: true | |
fetch-depth: 0 | |
- name: setup env vars | |
run: | | |
git config --global --add safe.directory $PWD # needed for checkout v3, doesn't hurt anyway | |
BUILDTYPE_LC=$(echo '${{ matrix.buildtype }}'|tr [:upper:] [:lower:]) | |
echo "BUILDTYPE_LC=$BUILDTYPE_LC" >> $GITHUB_ENV | |
echo "OSNAME=$(echo '${{ matrix.os }}'|sed 's/-.*//')" >> $GITHUB_ENV | |
echo "GIT_COMMIT_ID=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
echo "CONAN_PRESET=conan-$BUILDTYPE_LC" >> $GITHUB_ENV | |
echo "BUILD_DIR=build/${{ matrix.buildtype }}" >> $GITHUB_ENV | |
- name: Set RELEASE_NAME | |
# this looks like "linux-vfx2022-1.5[-no-opengl]"; used in filenames | |
run: | | |
RELEASE_PREFIX=${{ matrix.release_prefix }} | |
OPENGL_BUILD=${{ env.OPENGL_BUILD }} | |
if [ "${{ github.ref_type }}" == "tag" ]; then | |
REF_SUFFIX=$(echo "${{ github.ref_name }}" | sed 's/OFX_Release_//') | |
else | |
REF_SUFFIX=$(echo ${{ github.sha }} | cut -c1-8) | |
fi | |
echo "RELEASE_NAME=${RELEASE_PREFIX}-${REF_SUFFIX}${OPENGL_BUILD}" >> $GITHUB_ENV | |
- name: Set up python 3.11 | |
uses: actions/setup-python@v5 | |
if: matrix.ostype == 'mac' | |
with: | |
python-version: '3.11' | |
# Q: should we use uv everywhere? | |
# Unfortunately astral-sh/setup-uv action doesn't work on CentOS 7, its GLIBC is too old. | |
# BUT this CI build doesn't work on CentOS 7 anyway, due to recent github changes. | |
# Keep this uv code in case we'd like to install python and conan with uv, but for now | |
# it is not used. | |
- name: Set up uv manually | |
if: matrix.release_prefix == 'linux-vfx2021' | |
run: | | |
curl -LsSf https://astral.sh/uv/install.sh | sh | |
source ~/.local/bin/env | |
echo After sourcing uv env: "$PATH" | |
uv python install --preview 3.11 | |
# Add symlinks for python3 and python | |
(cd ~/.local/bin; ln -sf python3.11 python3; ln -sf python3.11 python) | |
# Save updated path | |
echo "PATH=$PATH" >> $GITHUB_ENV | |
- name: Check python, uv paths | |
run: | | |
echo $PATH | |
echo -n 'which python: ' && which python | |
echo -n 'which python3: ' && which python3 | |
echo -n 'python version: ' && python --version | |
echo -n 'python3 version: ' python3 --version | |
which uv || echo "No python uv; continuing" | |
- name: Install Conan | |
id: conan | |
uses: turtlebrowser/get-conan@main | |
with: | |
version: ${{ matrix.conan_version }} | |
- name: Set up conan | |
run: | | |
which conan | |
conan --version | |
conan profile detect | |
- name: Install system dependencies if needed | |
uses: ConorMacBride/install-package@v1 | |
if: ${{ matrix.aswfdockerbuild == false }} | |
with: | |
apt: libgl-dev libgl1-mesa-dev | |
- name: Install gh cli if needed | |
if: ${{ matrix.aswfdockerbuild == true }} | |
run: | | |
dnf -y install 'dnf-command(config-manager)' | |
dnf -y config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo | |
dnf -y install gh --repo gh-cli | |
gh --version | |
- name: Setup MSVC | |
if: startsWith(matrix.os, 'windows') | |
uses: ilammy/[email protected] # use cl, not msbuild | |
# We use cl.exe because it can find CUDA without the CUDA visual studio integration, | |
# which is extremely slow to install (see Jimver/cuda-toolkit below) | |
# See comments at https://github.com/Jimver/cuda-toolkit/issues/253 | |
- name: Setup Ninja | |
uses: seanmiddleditch/gha-setup-ninja@v4 | |
- name: Install CUDA Toolkit | |
uses: Jimver/[email protected] | |
id: cuda-toolkit-linux | |
if: matrix.ostype == 'linux' && matrix.cuda == true | |
with: | |
cuda: '12.1.0' | |
method: 'network' | |
sub-packages: '["nvcc", "cudart"]' | |
linux-local-args: '["--toolkit"]' | |
- name: Install CUDA Toolkit | |
uses: Jimver/[email protected] | |
id: cuda-toolkit-win | |
if: matrix.ostype == 'windows' && matrix.cuda == true | |
with: | |
# Need CUDA >= 12.4 to support recent VS2022 (17.10 and later, MSVC 19.40) | |
cuda: '12.4.1' | |
method: 'network' | |
sub-packages: '["nvcc", "cudart"]' | |
# - name: Install system dependencies (CentOS) | |
# run: | | |
# rpm install libglvnd-devel | |
- name: Install dependencies | |
run: | | |
[[ "${{ matrix.opengl }}" != false && "${{ matrix.opencl }}" = true ]] && USE_OPENCL="-o use_opencl=True" | |
conan install -s build_type=${{ matrix.buildtype }} -pr:b=default --build=missing . -c tools.cmake.cmaketoolchain:generator=Ninja $USE_OPENCL | |
- name: Configure project with cmake | |
run: | | |
CMAKE_DEFINES=(-DBUILD_EXAMPLE_PLUGINS=TRUE \ | |
-DPLUGIN_INSTALLDIR=$(pwd)/build/Install) | |
if [[ "${{ matrix.opengl }}" != false ]] ; then | |
echo "OPENGL_BUILD=" >> $GITHUB_ENV | |
CMAKE_DEFINES+=(-DOFX_SUPPORTS_OPENGLRENDER=TRUE) | |
[[ "${{ matrix.opencl }}" = true ]] && CMAKE_DEFINES+=(-DOFX_SUPPORTS_OPENCLRENDER=TRUE) | |
[[ "${{ matrix.cuda }}" = true ]] && CMAKE_DEFINES+=(-DOFX_SUPPORTS_CUDARENDER=TRUE) | |
else | |
echo "OPENGL_BUILD=-no-ogl" >> $GITHUB_ENV | |
fi | |
CMAKE_GENERATOR=(-G Ninja) | |
if [[ ${{ matrix.has_cmake_presets }} = true ]]; then | |
# Sets up to build in e.g. build/Release | |
cmake --preset $CONAN_PRESET ${CMAKE_GENERATOR[@]} ${CMAKE_DEFINES[@]} . | |
else | |
# VFX ref platforms 2022 & earlier have only cmake 3.19. | |
# Older cmake (<3.23) does not support presets, so invoke with explicit args. | |
cmake -S . -B $BUILD_DIR -G "Unix Makefiles" \ | |
-DCMAKE_TOOLCHAIN_FILE=$(pwd)/$BUILD_DIR/generators/conan_toolchain.cmake \ | |
-DCMAKE_POLICY_DEFAULT_CMP0091=NEW \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
${CMAKE_DEFINES[@]} | |
fi | |
- name: Build with cmake | |
run: | | |
if [[ ${{ matrix.ostype }} = windows ]]; then | |
cmake --build $BUILD_DIR --target install --config Release --parallel | |
else | |
cmake --build $BUILD_DIR --target install --parallel | |
fi | |
- name: Install with cmake | |
run: | | |
if [[ ${{ matrix.ostype }} = windows ]]; then | |
cmake --install $BUILD_DIR --config Release | |
else | |
cmake --install $BUILD_DIR | |
fi | |
# This isn't used for release; just checks that makefiles still work. | |
- name: Build old stuff with make | |
run: | | |
if [[ ${{ matrix.ostype }} = windows ]]; then | |
echo No Windows nmake build yet | |
else | |
(cd Examples; make -j) | |
# should build Support/Plugins too, but those need work | |
fi | |
############################################################ | |
# Installation: produce release artifacts | |
############################################################ | |
- name: Copy includes and libs into release folder for installation | |
# Dir structure: | |
# Install/OpenFX | |
# lib | |
# *.a or *.lib | |
# include/ | |
# openfx/*.h | |
# Support/*.h | |
# HostSupport/*.h | |
# so e.g `#include <openfx/Support/foo.h>` works with `-I.../OpenFX/include` | |
run: | | |
mkdir -p Install/OpenFX/include/openfx | |
tar -C include \ | |
--exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \ | |
--exclude='DocSrc' \ | |
-cf - . \ | |
| tar -xf - -C Install/OpenFX/include/openfx | |
mkdir -p Install/OpenFX/include/openfx/Support | |
tar -C Support/include/ --exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \ | |
--exclude='DocSrc' \ | |
-cf - . \ | |
| tar -xf - -C Install/OpenFX/include/openfx/Support/ | |
mkdir -p Install/OpenFX/include/openfx/HostSupport | |
tar -C HostSupport/include/ --exclude='*.png' --exclude='*.doxy' --exclude='*.dtd' \ | |
--exclude='DocSrc' \ | |
-cf - . \ | |
| tar -xf - -C Install/OpenFX/include/openfx/HostSupport/ | |
mkdir -p Install/OpenFX/lib | |
find build -name 'lib*' -type f -exec cp {} Install/OpenFX/lib/ \; | |
# Artifacts for build & release: | |
# - Header files, doc, and support libs, for use when developing hosts & plugins | |
# - Built/installed example plugins, for testing in a host | |
# Create and sign headers/libs tarball | |
- name: Create headers/libs tarball | |
run: | | |
tar -czf openfx-$RELEASE_NAME.tar.gz -C Install OpenFX | |
- name: Sign header/libs tarball with Sigstore | |
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0 | |
# if: github.event_name == 'release' | |
with: | |
inputs: openfx-${{ env.RELEASE_NAME }}.tar.gz | |
upload-signing-artifacts: false | |
release-signing-artifacts: false | |
- name: Upload header/libs tarball and signatures | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "openfx-${{ env.RELEASE_NAME }}" | |
path: | | |
openfx-${{ env.RELEASE_NAME }}.tar.gz | |
openfx-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json | |
# Now the same, for the plugins | |
- name: Create built/installed plugins tarball | |
run: | | |
tar -czf openfx_plugins-$RELEASE_NAME.tar.gz -C build/Install . | |
- name: Sign plugins tarball with Sigstore | |
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0 | |
with: | |
inputs: openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz | |
upload-signing-artifacts: false | |
release-signing-artifacts: false | |
- name: Upload plugins tarball and signatures | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "openfx_plugins-${{ env.RELEASE_NAME }}" | |
path: | | |
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz | |
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json | |
- name: Upload artifacts to release | |
if: github.event_name == 'release' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
TAG: ${{ github.ref_name }} | |
run: | | |
gh release upload ${TAG} \ | |
openfx-${{ env.RELEASE_NAME }}.tar.gz \ | |
openfx-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json \ | |
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz \ | |
openfx_plugins-${{ env.RELEASE_NAME }}.tar.gz.sigstore.json |